DGS-6604 CLI Reference Guide
switchport port-security
Use this command to configure the port security settings of a specified port interface, restricting the allowable number of users that can gain access to the port.
Use the no form of the command to disable port security or to delete a user-defined secure MAC address.
switchport port-security [maximum VALUE | violation {protect | shutdown} | mode {permanent | delete-on-timeout}]
no switchport port-security
Default
Disabled
maximum VALUE: 1
mode: delete-on-timeout
violation: shutdown
Command Mode
Interface configuration at Privilege level 15
Global configuration with Privilege level 15 (only for a no port-security command).
Usage Guideline
The valid interface for this configuration is a physical port.
The VLAN does not need to exist for the command to succeed.
When the mode is permanent, the learned entries will be stored automatically
and restored after a reboot.
Syntax Description
maximum VALUE
  (Optional) Specifies the maximum allowable number of secure MAC addresses (users). The range for the VALUE is project dependent.
violation {protect | shutdown}
  (Optional) Specifies the action to be taken when a security violation is detected:
  protect: Drops all the packets from the insecure hosts at the port-security process level but does not increment the security-violation count.
  shutdown: Shuts down the port if there is a security violation.
mode {permanent | delete-on-timeout}
  Specifies the port security mode. The option keywords are described below:
  permanent: All learnt MAC addresses will not be purged unless a user deletes those entries manually.
  delete-on-timeout: All learnt MAC addresses will be purged when an entry is aged-out or a user deletes these entries manually.
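
An added example, not taken from the D-Link guide: this Python script overlays the port-security lines found in a saved configuration on the defaults documented above and flags ports where the feature is disabled or where violation protect is set. The stanza layout, the eth3.x interface names and the rule that any switchport port-security line enables the feature are assumptions.

```python
import re

# Defaults documented on this page; the feature itself is disabled by default.
DEFAULTS = {"enabled": False, "maximum": 1,
            "mode": "delete-on-timeout", "violation": "shutdown"}
# One option per command line, matching the syntax shown on this page.
CMD = re.compile(r"^switchport port-security"
                 r"(?:\s+(?:maximum\s+(?P<maximum>\d+)"
                 r"|violation\s+(?P<violation>protect|shutdown)"
                 r"|mode\s+(?P<mode>permanent|delete-on-timeout)))?$")

def effective_settings(config_text):
    """Return {interface: settings} with documented defaults filled in."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], dict(DEFAULTS))
        elif current is not None and line == "no switchport port-security":
            current["enabled"] = False
        elif current is not None and (m := CMD.match(line)):
            current["enabled"] = True  # assumption: any form enables the feature
            for key, val in m.groupdict().items():
                if val is not None:
                    current[key] = int(val) if key == "maximum" else val
    return ports

def findings(ports):
    """Flag ports a reviewer would want to look at."""
    out = []
    for name, s in sorted(ports.items()):
        if not s["enabled"]:
            out.append((name, "port security disabled"))
        elif s["violation"] == "protect":
            out.append((name, "violation protect: violation count not incremented"))
    return out

# Constructed sample; interface names and stanza layout are assumptions.
SAMPLE = """\
interface eth3.1
 switchport port-security maximum 2
 switchport port-security violation protect
interface eth3.2
 switchport port-security mode permanent
interface eth3.3
"""

if __name__ == "__main__":
    for port, note in findings(effective_settings(SAMPLE)):
        print(port, "-", note)
```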